I'm a beginner to learning wireshark, so please go easy on me. How can I find out if my browser is running HTTP version 1.0 or 1.1? Also, how can I find out what version of HTTP the server running? Is there a specific part of wireshark which displays this information every time? Thanks asked 30 Oct '12, 09:08  smc20 |
One Answer:
Sure. Capture while you browse the internet, and find any GET request your browser does (which means "hello, I want something"). If you have many packets that make it hard to see such requests you can find them by filtering on "http.request.method==GET". In the packet list you'll see that the info column says "GET / HTTP/1.1" or "GET / HTTP/1.0". answered 30 Oct '12, 09:14  Jasper ♦♦ edited 30 Oct '12, 09:15 |
thankyou Jasper that makes sense.
One more question if that's ok. I have a website and according to my cPanel it says:
Apache version 2.2.23 and Operating System linux
I captured packets and browsed to my website. The Hypertext Transfer Protocol in Wireshark picked up my website as:
Server: Apache\r\n
Is this correct? I assumed it would say Linux? Can you explain why it says Apache? Sorry if it's a silly Q.
Thanks again.
It says "Server: Apache" because that is what the HTTP Server application software is. You're looking at the HTTP protocol, so "Linux" would be the wrong answer, because Linux is not an HTTP server application :-)
So yes, that is correct. And it is not a silly Question... it is better to ask to improve knowledge than keeping wondering why things are like they are ;-)
Well that's what is probably configured for Apache. It does not necessarily report it's full version information. Sometimes the version information is done intentionally to keep away script kiddies with their automatic scan/attack tools.
If you set the following Apache config option, it will only report "Apache" in the Server header.
Regards
Kurt
thanks guys, very much appreciated.